similar to: [Bug 1022] arcfourfixes cipher support

https://bugzilla.mindrot.org/show_bug.cgi?id=2466 Bug ID: 2466 Summary: Cipher defines from opensslconf.h Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org

While compiling openssl with option `no-des', it caused the openssh build failure ... cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function); ... Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com> --- cipher.c | 2 ++ configure.ac | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/cipher.c b/cipher.c index

https://bugzilla.mindrot.org/show_bug.cgi?id=3603 Bug ID: 3603 Summary: ssh clients can't communicate with server with default cipher when fips is enabled at server end Product: Portable OpenSSH Version: 9.4p1 Hardware: All OS: Linux Status: NEW Severity: critical

By making a one-line change it is possible to enable the cipher 'none' in openssh. But you still have to ask for it explicitly, either by adding it to /etc/ssh/ssh_config or by giving the '-c none' option to ssh. I think that this 'feature' should be turned back on, because for slow machines or large file transfers, using encryption slows things down a lot. This means

https://bugzilla.mindrot.org/show_bug.cgi?id=3194 Bug ID: 3194 Summary: Please consider lowering chacha20-poly1305 at openssh.com cipher priority on AES-NI capable CPU Product: Portable OpenSSH Version: 8.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=1430 Summary: Restore support for "none" cipher, i.e., unencrypted connections Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Other Status: NEW Severity: normal Priority: P2

http://bugzilla.mindrot.org/show_bug.cgi?id=1055 Summary: Problem with arcfour cipher and OpenSSL 0.9.7g Product: Portable OpenSSH Version: 4.1p1 Platform: Itanium2 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy:

https://bugzilla.mindrot.org/show_bug.cgi?id=2704 Bug ID: 2704 Summary: Avoid passing pointers between processes Product: Portable OpenSSH Version: -current Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hi, Is cipher "3des-ctr" supported by openssh? It is not mentioned in the list of supported ciphers in the man page of ssh_config: Thanks, Sunil Ciphers Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. The supported ciphers are ''3des-cbc'', ''aes128-cbc'',

https://bugzilla.mindrot.org/show_bug.cgi?id=2290 Bug ID: 2290 Summary: documentation of algorithms Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=1801 Summary: cipher_spec section of ssh man page needs update Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: unassigned-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=371 Summary: OpenSSH fails to build on Alpha True64 in cipher.c Product: Portable OpenSSH Version: -current Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

>> I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. > > There is no need to disable TLSv1.3 and attempts to do so will be flagged as ?downgrade attacks?. Let us ignore TLSv1.2 as a downgrade option. And focus on TLSv1.3 for its entirety of this thread. If the ciphersuite (not cipher for that's a TLSv1.2 term), but a

On Aug 25, 2014, at 9:52 AM, Damien Miller <djm at mindrot.org> wrote: > On Wed, 20 Aug 2014, HAROUAT, KARIM (KARIM) wrote: >> Sorry to disturb you but I am looking for a question I have, but I don't find any clue for it on the archive list, neither Internet (google search). >> Id like to know in sshd_config file, if the order given for cipher key word has an impact

CentOS 7 Dovecot 2.2.36 Nov 14 07:13:08 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=73.0.0.0, lip=192.64.118.242, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<> Was working fine for over a year, until the cert expired and I replaced it. I've tried the good cert I have for

Hello, I understand that I can use the openssl ciphers and digests available on my systems, i.e. those in the list generated by "openssl list-cipher-commands" and "openssl list-message-digest-algorithms". I want to create a admin vpn network between my servers and my workplace. Network throughput is not a big issue, I am using ssh and the cli, however I would also do

Hi, According to IETF draft draft-ietf-secsh-transport-14.txt, different ciphers(encryption), MAC and compression can be used for one direction say server-to-client and a completely different cipher, MAC and compression for the other direction client-to-server of the same connection. Is this supported today in OpenSSH, and if not, are there plans to support it in any future releases of the code?

Hi all, this is a patch to make Ciphers, MACs and KexAlgorithms available in Match blocks. Now I can reach a -current machine with some Android terminal app without changing the default ciphers for all clients: Match Address 192.168.1.2 Ciphers aes128-cbc MACs hmac-sha1 KexAlgorithms diffie-hellman-group-exchange-sha1 Index: servconf.c

Hi Sorry to disturb you but I am looking for a question I have, but I don't find any clue for it on the archive list, neither Internet (google search). Id like to know in sshd_config file, if the order given for cipher key word has an impact please? I mean is there a difference for the server if I do the config like : e.g Ciphers aes128-ctr,aes256-ctr vs Ciphers aes256-ctr,aes128-ctr ?

Hi, Although cipher-speed.sh isn't failing, its output is useless on some platforms. Aside from the definition of $DATA noted in a previous post to this list, it makes assumptions about dd's status message and the behaviour of echo. The patch below addresses these issue, at least on RHEL. Index: regress/cipher-speed.sh ===================================================================